Version
0.7.0 of the rkt container runtime system is available. "This
release includes new subcommands for a rkt image to manipulate images from
the local store, a new build system based on autotools and integration with
SELinux. These new capabilities improve the user experience, make it easier
to build future features and improve security isolation between
containers."

It has been nearly a year and a half since the last major Python release,
which was 3.4 in March 2014—that means it is about time for
Python 3.5. We looked at some of the new
features in 3.4 at the time of its first release candidate, so the announcement of the penultimate beta release
for 3.5 seems like a good time to see what will be coming in the new release.

Subscribers can click below to see the full article from this week's edition.

Linux.com has an interview
with Bruce Schneier. "Schneier: The most important takeaway is that we are all vulnerable to this sort of attack. Whether it's nation-state hackers (Sony), hactivists (HB Gary Federal, Hacking Team), insiders (NSA, US State Department), or who-knows-who (Saudi Arabia), stealing and publishing an organization's internal documents can be a devastating attack. We need to think more about this tactic: less how to prevent it -- we're already doing that and it's not working -- and more how to deal with it. Because as more people wake up and realize how devastating an attack it is, the more we're going to see it."

The Free Software Foundation (FSF) and Software Freedom Conservancy (SFC) have both put out statements about a change to the Canonical, Ltd. "intellectual property" policy that was negotiated over the last two years (FSF statement and SFC statement). Effectively, Canonical has added a "trump clause" that clarifies that the licenses of the individual packages override the Canonical policy when there is a conflict. Though, as SFC points out: "While a trump clause is a reasonable way to comply with the GPL in a secondary licensing document, the solution is far from ideal. Redistributors of Ubuntu have little choice but to become expert analysts of Canonical, Ltd.'s policy. They must identify on their own every place where the policy contradicts the GPL. If a dispute arises on a subtle issue, Canonical, Ltd. could take legal action, arguing that the redistributor's interpretation of GPL was incorrect. Even if the redistributor was correct that the GPL trumped some specific clause in Canonical, Ltd.'s policy, it may be costly to adjudicate the issue." While backing the change made, both FSF and SFC recommend further changes to make the situation even more clear.

LinuxVoice has an interview with Perl creator Larry Wall. "So I was the language designer, but I was almost explicitly told: 'Stay out of the implementation! We saw what you did made out of Perl 5, and we don’t like it!' It was really funny because the innards of the new implementation started looking a whole lot like Perl 5 inside, and maybe that’s why some of the early implementations didn’t work well."

Opensource.com has an interview
with Bradley Kuhn. "I continued on in my professional career, which included developing and supporting proprietary software, but I found that the lack of source code and/or the ability to rebuild it myself constantly hampered my ability to do my job. Proprietary software companies today are more careful to give "some open source"; thus, many technology professionals don't realize until it's too late how crippling proprietary software can be when you rely on it every day. In the mid 1990s, hardly any business software license gave us software freedom, so denying our rights to practice our profession (i.e, fix software) made many of us hate our jobs. I considered leaving the field of software entirely because I disliked working with proprietary software so much.
Those experiences made me a software freedom zealot. I made a vow that I never wanted any developer or sysadmin to feel the constraints of proprietary software licensing, which limits technologists by what legal agreements their company's lawyers can negotiate rather than their technical skill."

ITNews reports
that the US National Security Agency is in the process of releasing its
systems integrity management platform - SIMP. "SIMP helps to keep networked systems compliant with security standards, the NSA said, and should form part of a layered, "defence-in-depth" approach to information security.
NSA said it released the tool to avoid duplication after US government
departments and other groups tried to replicate the product in order to
meet compliance requirements set by US Defence and intelligence
bodies." Currently only RHEL and CentOS versions 6.6 and 7.1 are supported.

Slightly less than one year ago, the Debian community had an extended discussion on whether the FFmpeg multimedia library should return to
the distribution. Debian had followed the contentious libav fork when it happened in 2011, but some
community members were starting to have second thoughts about that move.
At the time, the
discussion died out without any changes being made, but the seeds had
evidently been planted; on July 8, the project's multimedia developers
announced that not only was FFmpeg
returning to Debian, but it would be replacing libav.

Click below (subscribers only) for a look at how this decision was made.

The second 4.2 prepatch is available for
testing. "This is not a particularly big rc, and things have been
fairly calm. We definitely did have some problems in -rc1 that bit people,
but they all seemed to be pretty small, and let's hope that -rc2 ends up
having fewer annoying issues."

Here's a
discouraging blog post from Dave Jones on why he will no longer be
developing the Trinity fuzz tester. "It’s no coincidence that the
number of bugs reported found with Trinity have dropped off sharply since
the beginning of the year, and I don’t think it’s because the Linux kernel
suddenly got lots better. Rather, it’s due to the lack of real ongoing
development to 'try something else' when some approaches dry up. Sadly we
now live in a world where it’s easier to get paid to run someone else’s
fuzzer these days than it is to develop one."

ZDNet has an interview about "microservices" with Red Hat VP of engineering for middleware, Dr. Mark Little. Microservices are a relatively recent software architecture that relies on small, easily replaced components and is an alternative to the well-established service-oriented architecture (SOA)—but it is not a panacea:
"'Just because you adopt microservices doesn't suddenly mean your badly architected ball of mud is suddenly really well architected and no longer a ball of mud. It could just be lots of distributed balls of mud,' Little said.
'That worries me a bit. I've been around service-oriented architecture for a long time and know the plus points and the negative points. I like microservices because it allows us to focus on the positive points but it does worry me that people see it as the answer to a lot of problems that it's never going to be the answer for.'"

Greg Kroah-Hartman has announced the release of the 4.1.2, 4.0.8,
3.14.48, and 3.10.84 stable kernels. All contain important
fixes and users should upgrade. In addition, this is the second to last
4.0.x release (i.e. there will be a 4.0.9, but that's the last), so users
should be making plans to move to 4.1.x.

The OpenSSL project has disclosed a new
certificate validation vulnerability. "During certificate
verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will
attempt to find an alternative certificate chain if the first attempt to
build such a chain fails. An error in the implementation of this logic can
mean that an attacker could cause certain checks on untrusted certificates
to be bypassed, such as the CA flag, enabling them to use a valid leaf
certificate to act as a CA and 'issue' an invalid certificate."
This is thus a client-side, man-in-the-middle vulnerability.

Note that the affected versions of OpenSSL were released in mid-June;
anybody with an older release should not be vulnerable.

More in Tux Machines

Leftovers: Gaming

Middle-Earth: Shadow of Mordor was by far one of the best games of 2014. With great combat, abilities, and a really interesting Nemesis system, I was really surprised by what I was expecting to be a pretty generic Batman: Arkham Mordor rip-off.

Evoland developers Shiro Games recently announced the release date for the anticipated sequel, and though there's no firm release date for Linux yet, it shouldn't be far behind the Windows release. If you didn't catch the great looking trailer when we last wrote about Evoland 2, here it is again for you to enjoy:

Codename CURE is a reasonable well rated first-person shooter on Steam, and it has been updated to include a Linux version.
The game is free to play, so you lose nothing by trying it. It has quite lot of positive reviews going for it too, if you trust user reviews.

It's not often I get over excited about a game, and I'm not entirely sure how this flew under my radar, but Shallow Space looks seriously good. You can pre-order now for $15 which will give you access to early builds when they are available. We never recommend pre-ordering, but this looks like it could be a safe bet since it already has Linux builds available.

KDE and Akademy

At this year’s KDE conference Akademy, I was working on a small plasmoid to continuously track the disk quota.
The disk quota is usually used in enterprise installations where network shares are mounted locally. Typically, sysadmins want to avoid that users copy lots of data into their folders, and therefor set quotas (the quota limit has nothing to do with the physical size of a partition). Typically, once a user gets over the hard limit of the quota, the account is blocked and the user cannot login anymore. This happens from time to time, since the users are not really aware of the current quota limit and the already used disk space.

A few days ago, fellow Qt/KDE team member Lisandro gave an update on the situation with migration to Plasma 5 in Debian Testing (AKA Stretch). It’s changed again. All of Plasma 5 is now in Testing. The upgrade probably won’t be entirely smooth, which we’ll work on that after the gcc5 transition is done, but it will be much better than the half KDE4 SC half Kf5/Plasma 5 situation we’ve had for the last several days.

Red Hat and Fedora

Open source users flock to Red Hat for enterprise support, but not all subscribers like the way the company handles IT issues.
The company recently launched an updated support service. User experience is important to Red Hat Inc., and it dedicated its day-three keynote at the Red Hat Summit last month to its support.

Several research firms have weighed in on RHT. Northland Securities reissued a “buy” rating and set a $92.00 target price (up from $85.00) on shares of Red Hat in a report on Thursday, June 25th. Northland Capital Partners upped their price objective on Red Hat from $85.00 to $92.00 in a report on Thursday, June 25th. Cantor Fitzgerald reiterated a “buy” rating on shares of Red Hat in a research report on Friday, June 26th. Deutsche Bank restated a “hold” rating and set a $75.00 price objective (up from $70.00) on shares of Red Hat in a research report on Thursday, July 2nd. Finally, JPMorgan Chase & Co. reaffirmed an “overweight” rating and issued a $85.00 target price (up previously from $82.00) on shares of Red Hat in a report on Thursday, July 2nd.

So the schedule for Flock is finally fixed and I have to update some things according to my last post. First the practical part of the Wallpaper Hunt is scheduled now for Friday now instead of Satruday. Addionally I will help Máirín Duffy on Saturday morning with the Inkscape and GIMP Bootcamp, guess which part I will do.

Few days back I wrote about a locally built Fedora 22 image which has systemd-networkd handling the network configuration. You can test that image locally on your system, or on an Openstack Cloud. In case you want to test the same on AWS, we now have two AMI(s) for the same, one in the us-west-1, and the other in ap-southeast-1. Details about the AMI(s) are below:

Leftovers: Debian

Hi all,
I just looked back on the Halloween Documents, specifically
http://www.catb.org/esr/halloween/halloween1.html . Here are two quotes
I find both interesting and timely:
* Linux can win as long as services / protocols are commodities.
* OSS projects have been able to gain a foothold in many server
applications because of the wide utility of highly commoditized,
simple protocols. By extending these protocols and developing new
protocols, we can deny OSS projects entry into the market.
So next time one of the new breed calls you a neckbeard for helping
build a distro with simple protocols and services, show him
http://www.catb.org/esr/halloween/halloween1.html . And try not to
laugh when the whole thing goes right over his head.

VLANd is a python program intended to make it easy to manage port-based VLAN setups across multiple switches in a network. It is designed to be vendor-agnostic, with a clean pluggable driver API to allow for a wide range of different switches to be controlled together.